accounts_umask_etc_bashrcEnsure the Default Bash Umask is Set Correctly
accounts_umask_etc_csh_cshrcEnsure the Default C Shell Umask is Set Correctly
accounts_umask_etc_login_defsEnsure the Default Umask is Set Correctly in login.defs
accounts_umask_etc_profileEnsure the Default Umask is Set Correctly in /etc/profile
dir_perms_var_log_httpdSet Permissions on the /var/log/httpd/ Directory
dir_perms_world_writable_sticky_bitsVerify that All World-Writable Directories Have Sticky Bits Set
dir_perms_world_writable_system_ownedEnsure All World-Writable Directories Are Owned by a System Account
directory_permissions_var_log_auditSystem Audit Logs Must Have Mode 0750 or Less Permissive
disable_ctrlaltdel_rebootDisable Ctrl-Alt-Del Reboot Activation
file_groupowner_cron_dVerify Group Who Owns cron.d
file_groupowner_cron_dailyVerify Group Who Owns cron.daily
file_groupowner_cron_hourlyVerify Group Who Owns cron.hourly
file_groupowner_cron_monthlyVerify Group Who Owns cron.monthly
file_groupowner_cron_weeklyVerify Group Who Owns cron.weekly
file_groupowner_crontabVerify Group Who Owns Crontab
file_groupowner_etc_groupVerify Group Who Owns group File
file_groupowner_etc_gshadowVerify Group Who Owns gshadow File
file_groupowner_etc_passwdVerify Group Who Owns passwd File
file_groupowner_etc_shadowVerify Group Who Owns shadow File
file_groupowner_grub_confVerify /etc/grub.conf Group Ownership
file_groupowner_sshd_configVerify Group Who Owns SSH Server config file
file_owner_cron_dVerify Owner on cron.d
file_owner_cron_dailyVerify Owner on cron.daily
file_owner_cron_hourlyVerify Owner on cron.hourly
file_owner_cron_monthlyVerify Owner on cron.monthly
file_owner_cron_weeklyVerify Owner on cron.weekly
file_owner_crontabVerify Owner on crontab
file_owner_etc_groupVerify User Who Owns group File
file_owner_etc_gshadowVerify User Who Owns gshadow File
file_owner_etc_passwdVerify User Who Owns passwd File
file_owner_etc_shadowVerify User Who Owns shadow File
file_owner_grub_confVerify /etc/grub.conf User Ownership
file_owner_sshd_configVerify Owner on SSH Server config file
file_ownership_binary_dirsVerify that System Executables Have Root Ownership
file_ownership_library_dirsVerify that Shared Library Files Have Root Ownership
file_ownership_var_log_auditSystem Audit Logs Must Be Owned By Root
file_permissions_binary_dirsVerify that System Executables Have Restrictive Permissions
file_permissions_cron_dVerify Permissions on cron.d
file_permissions_cron_dailyVerify Permissions on cron.daily
file_permissions_cron_hourlyVerify Permissions on cron.hourly
file_permissions_cron_monthlyVerify Permissions on cron.monthly
file_permissions_cron_weeklyVerify Permissions on cron.weekly
file_permissions_crontabVerify Permissions on crontab
file_permissions_etc_groupVerify Permissions on group File
file_permissions_etc_gshadowVerify Permissions on gshadow File
file_permissions_etc_passwdVerify Permissions on passwd File
file_permissions_etc_shadowVerify Permissions on shadow File
file_permissions_grub_confVerify /boot/grub/grub.conf Permissions
file_permissions_home_dirsEnsure that User Home Directories are not Group-Writable or World-Readable
file_permissions_httpd_server_conf_filesSet Permissions on All Configuration Files Inside /etc/httpd/conf/
file_permissions_library_dirsVerify that Shared Library Files Have Restrictive Permissions
file_permissions_sshd_configVerify Permissions on SSH Server config file
file_permissions_sshd_private_keyVerify Permissions on SSH Server Private *_key Key Files
file_permissions_sshd_pub_keyVerify Permissions on SSH Server Public *.pub Key Files
file_permissions_unauthorized_sgidEnsure All SGID Executables Are Authorized
file_permissions_unauthorized_suidEnsure All SUID Executables Are Authorized
file_permissions_unauthorized_world_writableEnsure No World-Writable Files Exist
file_permissions_ungroupownedEnsure All Files Are Owned by a Group
file_permissions_var_log_auditSystem Audit Logs Must Have Mode 0640 or Less Permissive
gconf_gnome_disable_ctrlaltdel_rebootDisable Ctrl-Alt-Del Reboot Key Sequence in GNOME
gconf_gnome_disable_restart_shutdownDisable the GNOME Login Restart and Shutdown Buttons
gnome_gdm_disable_automatic_loginDisable GDM Automatic Login
mount_option_boot_nodevAdd nodev Option to /boot
mount_option_boot_nosuidAdd nosuid Option to /boot
mount_option_dev_shm_nodevAdd nodev Option to /dev/shm
mount_option_dev_shm_noexecAdd noexec Option to /dev/shm
mount_option_dev_shm_nosuidAdd nosuid Option to /dev/shm
mount_option_nodev_nonroot_local_partitionsAdd nodev Option to Non-Root Local Partitions
mount_option_nodev_removable_partitionsAdd nodev Option to Removable Media Partitions
mount_option_noexec_removable_partitionsAdd noexec Option to Removable Media Partitions
mount_option_nosuid_remote_filesystemsMount Remote Filesystems with nosuid
mount_option_nosuid_removable_partitionsAdd nosuid Option to Removable Media Partitions
mount_option_tmp_nodevAdd nodev Option to /tmp
mount_option_tmp_noexecAdd noexec Option to /tmp
mount_option_tmp_nosuidAdd nosuid Option to /tmp
mount_option_var_log_audit_nodevAdd nodev Option to /var/log/audit
mount_option_var_log_audit_noexecAdd noexec Option to /var/log/audit
mount_option_var_log_audit_nosuidAdd nosuid Option to /var/log/audit
mount_option_var_log_nodevAdd nodev Option to /var/log
mount_option_var_log_noexecAdd noexec Option to /var/log
mount_option_var_log_nosuidAdd nosuid Option to /var/log
mount_option_var_nodevAdd nodev Option to /var
mount_option_var_tmp_bindBind Mount /var/tmp To /tmp
no_files_unowned_by_userEnsure All Files Are Owned by a User
rsyslog_files_groupownershipEnsure Log Files Are Owned By Appropriate Group
rsyslog_files_ownershipEnsure Log Files Are Owned By Appropriate User
rsyslog_files_permissionsEnsure System Log Files Have Correct Permissions
sysctl_fs_protected_hardlinksEnable Kernel Parameter to Enforce DAC on Hardlinks
sysctl_fs_protected_symlinksEnable Kernel Parameter to Enforce DAC on Symlinks
umask_for_daemonsSet Daemon Umask
account_disable_post_pw_expirationSet Account Expiration Following Inactivity
account_temp_expire_dateAssign Expiration Date to Temporary Accounts
accounts_logon_fail_delayEnsure the Logon Failure Delay is Set Correctly in login.defs
accounts_max_concurrent_login_sessionsLimit the Number of Concurrent Login Sessions Allowed Per User
accounts_maximum_age_login_defsSet Password Maximum Age
accounts_minimum_age_login_defsSet Password Minimum Age
accounts_password_all_shadowedVerify All Account Password Hashes are Shadowed
accounts_password_minlen_login_defsSet Password Minimum Length in login.defs
accounts_password_warn_age_login_defsSet Password Warning Age
accounts_passwords_pam_faillock_denySet Deny For Failed Password Attempts
accounts_passwords_pam_faillock_intervalSet Interval For Counting Failed Password Attempts
accounts_passwords_pam_faillock_unlock_timeSet Lockout Time for Failed Password Attempts
accounts_root_path_dirs_no_writeEnsure that Root's Path Does Not Include World or Group-Writable Directories
accounts_tmoutSet Interactive Session Timeout
accounts_umask_etc_bashrcEnsure the Default Bash Umask is Set Correctly
accounts_umask_etc_csh_cshrcEnsure the Default C Shell Umask is Set Correctly
accounts_umask_etc_login_defsEnsure the Default Umask is Set Correctly in login.defs
accounts_umask_etc_profileEnsure the Default Umask is Set Correctly in /etc/profile
aide_build_databaseBuild and Test AIDE Database
aide_periodic_cron_checkingConfigure Periodic Execution of AIDE
audit_rules_file_deletion_events_renameEnsure auditd Collects File Deletion Events by User - rename
audit_rules_file_deletion_events_renameatEnsure auditd Collects File Deletion Events by User - renameat
audit_rules_file_deletion_events_rmdirEnsure auditd Collects File Deletion Events by User - rmdir
audit_rules_file_deletion_events_unlinkEnsure auditd Collects File Deletion Events by User - unlink
audit_rules_file_deletion_events_unlinkatEnsure auditd Collects File Deletion Events by User - unlinkat
audit_rules_immutableMake the auditd Configuration Immutable
audit_rules_login_events_faillockRecord Attempts to Alter Logon and Logout Events - faillock
audit_rules_login_events_lastlogRecord Attempts to Alter Logon and Logout Events - lastlog
audit_rules_login_events_tallylogRecord Attempts to Alter Logon and Logout Events - tallylog
audit_rules_privileged_commands_crontabEnsure auditd Collects Information on the Use of Privileged Commands - crontab
audit_rules_privileged_commands_gpasswdEnsure auditd Collects Information on the Use of Privileged Commands - gpasswd
audit_rules_privileged_commands_mountEnsure auditd Collects Information on the Use of Privileged Commands - mount
audit_rules_privileged_commands_newgidmapEnsure auditd Collects Information on the Use of Privileged Commands - newgidmap
audit_rules_privileged_commands_newgrpEnsure auditd Collects Information on the Use of Privileged Commands - newgrp
audit_rules_privileged_commands_newuidmapEnsure auditd Collects Information on the Use of Privileged Commands - newuidmap
audit_rules_privileged_commands_passwdEnsure auditd Collects Information on the Use of Privileged Commands - passwd
audit_rules_privileged_commands_umountEnsure auditd Collects Information on the Use of Privileged Commands - umount
audit_rules_privileged_commands_unix_chkpwdEnsure auditd Collects Information on the Use of Privileged Commands - unix_chkpwd
audit_rules_privileged_commands_userhelperEnsure auditd Collects Information on the Use of Privileged Commands - userhelper
audit_rules_privileged_commands_usernetctlEnsure auditd Collects Information on the Use of Privileged Commands - usernetctl
audit_rules_unsuccessful_file_modification_chmodRecord Unsuccessful Permission Changes to Files - chmod
audit_rules_unsuccessful_file_modification_chownRecord Unsuccessful Ownership Changes to Files - chown
audit_rules_unsuccessful_file_modification_creatRecord Unsuccessful Access Attempts to Files - creat
audit_rules_unsuccessful_file_modification_fchmodRecord Unsuccessful Permission Changes to Files - fchmod
audit_rules_unsuccessful_file_modification_fchmodatRecord Unsuccessful Permission Changes to Files - fchmodat
audit_rules_unsuccessful_file_modification_fchownRecord Unsuccessful Ownership Changes to Files - fchown
audit_rules_unsuccessful_file_modification_fchownatRecord Unsuccessful Ownership Changes to Files - fchownat
audit_rules_unsuccessful_file_modification_fremovexattrRecord Unsuccessful Permission Changes to Files - fremovexattr
audit_rules_unsuccessful_file_modification_fsetxattrRecord Unsuccessful Permission Changes to Files - fsetxattr
audit_rules_unsuccessful_file_modification_ftruncateRecord Unsuccessful Access Attempts to Files - ftruncate
audit_rules_unsuccessful_file_modification_lchownRecord Unsuccessful Ownership Changes to Files - lchown
audit_rules_unsuccessful_file_modification_lremovexattrRecord Unsuccessful Permission Changes to Files - lremovexattr
audit_rules_unsuccessful_file_modification_lsetxattrRecord Unsuccessful Permission Changes to Files - lsetxattr
audit_rules_unsuccessful_file_modification_openRecord Unsuccessful Access Attempts to Files - open
audit_rules_unsuccessful_file_modification_open_by_handle_atRecord Unsuccessful Access Attempts to Files - open_by_handle_at
audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creatRecord Unsuccessful Creation Attempts to Files - open_by_handle_at O_CREAT
audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_writeRecord Unsuccessful Modification Attempts to Files - open_by_handle_at O_TRUNC_WRITE
audit_rules_unsuccessful_file_modification_open_o_creatRecord Unsuccessful Creation Attempts to Files - open O_CREAT
audit_rules_unsuccessful_file_modification_open_o_trunc_writeRecord Unsuccessful Modification Attempts to Files - open O_TRUNC_WRITE
audit_rules_unsuccessful_file_modification_openatRecord Unsuccessful Access Attempts to Files - openat
audit_rules_unsuccessful_file_modification_openat_o_creatRecord Unsuccessful Creation Attempts to Files - openat O_CREAT
audit_rules_unsuccessful_file_modification_openat_o_trunc_writeRecord Unsuccessful Modification Attempts to Files - openat O_TRUNC_WRITE
audit_rules_unsuccessful_file_modification_removexattrRecord Unsuccessful Permission Changes to Files - removexattr
audit_rules_unsuccessful_file_modification_renameRecord Unsuccessful Delete Attempts to Files - rename
audit_rules_unsuccessful_file_modification_renameatRecord Unsuccessful Delete Attempts to Files - renameat
audit_rules_unsuccessful_file_modification_setxattrRecord Unsuccessful Permission Changes to Files - setxattr
audit_rules_unsuccessful_file_modification_truncateRecord Unsuccessful Access Attempts to Files - truncate
audit_rules_unsuccessful_file_modification_unlinkRecord Unsuccessful Delete Attempts to Files - unlink
audit_rules_unsuccessful_file_modification_unlinkatRecord Unsuccessful Delete Attempts to Files - unlinkat
audit_rules_usergroup_modification_groupRecord Events that Modify User/Group Information - /etc/group
audit_rules_usergroup_modification_gshadowRecord Events that Modify User/Group Information - /etc/gshadow
audit_rules_usergroup_modification_passwdRecord Events that Modify User/Group Information - /etc/passwd
audit_rules_usergroup_modification_shadowRecord Events that Modify User/Group Information - /etc/shadow
auditd_audispd_syslog_plugin_activatedConfigure auditd to use audispd's syslog plugin
auditd_data_disk_error_actionConfigure auditd Disk Error Action on Disk Error
auditd_data_disk_full_actionConfigure auditd Disk Full Action when Disk Space Is Full
auditd_data_retention_action_mail_acctConfigure auditd mail_acct Action on Low Disk Space
auditd_data_retention_admin_space_left_actionConfigure auditd admin_space_left Action on Low Disk Space
auditd_data_retention_flushConfigure auditd flush priority
auditd_data_retention_max_log_fileConfigure auditd Max Log File Size
auditd_data_retention_max_log_file_actionConfigure auditd max_log_file_action Upon Reaching Maximum Log Size
auditd_data_retention_num_logsConfigure auditd Number of Logs Retained
auditd_data_retention_space_leftConfigure auditd space_left on Low Disk Space
auditd_data_retention_space_left_actionConfigure auditd space_left Action on Low Disk Space
avahi_check_ttlCheck Avahi Responses' TTL Field
avahi_disable_publishingDisable Avahi Publishing
avahi_ip_onlyServe Avahi Only via Required Protocol
avahi_prevent_port_sharingPrevent Other Programs from Using Avahi's Port
avahi_restrict_published_informationRestrict Information Published by Avahi
bios_disable_usb_bootDisable Booting from USB Devices in Boot Firmware
bios_enable_execution_restrictionsEnable NX or XD Support in the BIOS
cracklib_accounts_password_pam_dcreditSet Password Strength Minimum Digit Characters
cracklib_accounts_password_pam_difokSet Password Strength Minimum Different Characters
cracklib_accounts_password_pam_lcreditSet Password Strength Minimum Lowercase Characters
cracklib_accounts_password_pam_maxrepeatSet Password to Maximum of Three Consecutive Repeating Characters
cracklib_accounts_password_pam_minlenSet Password Minimum Length
cracklib_accounts_password_pam_ocreditSet Password Strength Minimum Special Characters
cracklib_accounts_password_pam_retrySet Password Retry Prompts Permitted Per-Session
cracklib_accounts_password_pam_ucreditSet Password Strength Minimum Uppercase Characters
cups_disable_browsingDisable Printer Browsing Entirely if Possible
cups_disable_printserverDisable Print Server Capabilities
dhcp_server_configure_loggingConfigure Logging
dhcp_server_deny_bootpDeny BOOTP Queries
dhcp_server_deny_declineDeny Decline Messages
dhcp_server_disable_ddnsDo Not Use Dynamic DNS
dhcp_server_minimize_served_infoMinimize Served Information
dir_perms_var_log_httpdSet Permissions on the /var/log/httpd/ Directory
dir_perms_world_writable_sticky_bitsVerify that All World-Writable Directories Have Sticky Bits Set
dir_perms_world_writable_system_ownedEnsure All World-Writable Directories Are Owned by a System Account
directory_access_var_log_auditRecord Access Events to Audit Log Directory
directory_permissions_var_log_auditSystem Audit Logs Must Have Mode 0750 or Less Permissive
disable_anacronDisable anacron Service
disable_ctrlaltdel_rebootDisable Ctrl-Alt-Del Reboot Activation
disable_host_authDisable Host-Based Authentication
disable_prelinkDisable Prelinking
display_login_attemptsEnsure PAM Displays Last Logon/Access Notification
dns_server_authenticate_zone_transfersAuthenticate Zone Transfers
ensure_gpgcheck_globally_activatedEnsure gpgcheck Enabled In Main yum Configuration
ensure_gpgcheck_never_disabledEnsure gpgcheck Enabled for All yum Package Repositories
ensure_logrotate_activatedEnsure Logrotate Runs Periodically
ensure_redhat_gpgkey_installedEnsure Red Hat GPG Key Installed
file_groupowner_cron_dVerify Group Who Owns cron.d
file_groupowner_cron_dailyVerify Group Who Owns cron.daily
file_groupowner_cron_hourlyVerify Group Who Owns cron.hourly
file_groupowner_cron_monthlyVerify Group Who Owns cron.monthly
file_groupowner_cron_weeklyVerify Group Who Owns cron.weekly
file_groupowner_crontabVerify Group Who Owns Crontab
file_groupowner_etc_groupVerify Group Who Owns group File
file_groupowner_etc_gshadowVerify Group Who Owns gshadow File
file_groupowner_etc_passwdVerify Group Who Owns passwd File
file_groupowner_etc_shadowVerify Group Who Owns shadow File
file_groupowner_grub_confVerify /etc/grub.conf Group Ownership
file_groupowner_sshd_configVerify Group Who Owns SSH Server config file
file_owner_cron_dVerify Owner on cron.d
file_owner_cron_dailyVerify Owner on cron.daily
file_owner_cron_hourlyVerify Owner on cron.hourly
file_owner_cron_monthlyVerify Owner on cron.monthly
file_owner_cron_weeklyVerify Owner on cron.weekly
file_owner_crontabVerify Owner on crontab
file_owner_etc_groupVerify User Who Owns group File
file_owner_etc_gshadowVerify User Who Owns gshadow File
file_owner_etc_passwdVerify User Who Owns passwd File
file_owner_etc_shadowVerify User Who Owns shadow File
file_owner_grub_confVerify /etc/grub.conf User Ownership
file_owner_sshd_configVerify Owner on SSH Server config file
file_ownership_binary_dirsVerify that System Executables Have Root Ownership
file_ownership_library_dirsVerify that Shared Library Files Have Root Ownership
file_ownership_var_log_auditSystem Audit Logs Must Be Owned By Root
file_permissions_binary_dirsVerify that System Executables Have Restrictive Permissions
file_permissions_cron_dVerify Permissions on cron.d
file_permissions_cron_dailyVerify Permissions on cron.daily
file_permissions_cron_hourlyVerify Permissions on cron.hourly
file_permissions_cron_monthlyVerify Permissions on cron.monthly
file_permissions_cron_weeklyVerify Permissions on cron.weekly
file_permissions_crontabVerify Permissions on crontab
file_permissions_etc_groupVerify Permissions on group File
file_permissions_etc_gshadowVerify Permissions on gshadow File
file_permissions_etc_passwdVerify Permissions on passwd File
file_permissions_etc_shadowVerify Permissions on shadow File
file_permissions_grub_confVerify /boot/grub/grub.conf Permissions
file_permissions_home_dirsEnsure that User Home Directories are not Group-Writable or World-Readable
file_permissions_httpd_server_conf_filesSet Permissions on All Configuration Files Inside /etc/httpd/conf/
file_permissions_library_dirsVerify that Shared Library Files Have Restrictive Permissions
file_permissions_sshd_configVerify Permissions on SSH Server config file
file_permissions_sshd_private_keyVerify Permissions on SSH Server Private *_key Key Files
file_permissions_sshd_pub_keyVerify Permissions on SSH Server Public *.pub Key Files
file_permissions_unauthorized_sgidEnsure All SGID Executables Are Authorized
file_permissions_unauthorized_suidEnsure All SUID Executables Are Authorized
file_permissions_unauthorized_world_writableEnsure No World-Writable Files Exist
file_permissions_ungroupownedEnsure All Files Are Owned by a Group
file_permissions_var_log_auditSystem Audit Logs Must Have Mode 0640 or Less Permissive
ftp_restrict_to_anonRestrict Access to Anonymous Users if Possible
gconf_gdm_disable_user_listDisable the User List
gconf_gnome_disable_automountDisable GNOME Automounting
gconf_gnome_disable_ctrlaltdel_rebootDisable Ctrl-Alt-Del Reboot Key Sequence in GNOME
gconf_gnome_disable_restart_shutdownDisable the GNOME Login Restart and Shutdown Buttons
gconf_gnome_disable_thumbnailersDisable All GNOME Thumbnailers
gconf_gnome_screen_locking_keybindingsSet GNOME Screen Locking Keybindings
gconf_gnome_screensaver_idle_activation_enabledGNOME Desktop Screensaver Mandatory Use
gconf_gnome_screensaver_idle_delaySet GNOME Login Inactivity Timeout
gconf_gnome_screensaver_lock_enabledEnable Screen Lock Activation After Idle Period
gconf_gnome_screensaver_mode_blankImplement Blank Screensaver
gid_passwd_group_sameAll GIDs referenced in /etc/passwd must be defined in /etc/group
gnome_gdm_disable_automatic_loginDisable GDM Automatic Login
gnome_gdm_disable_guest_loginDisable GDM Guest Login
grub_legacy_audit_argumentEnable Auditing for Processes Which Start Prior to the Audit Daemon
grub_legacy_disable_interactive_bootDisable Interactive Boot
grub_legacy_enable_fips_modeEnable FIPS Mode in GRUB Legacy
grub_legacy_nousb_argumentDisable Kernel Support for USB via Bootloader Configuration
grub_legacy_passwordSet Boot Loader Password in grub.conf
harden_ssh_client_crypto_policyHarden SSH client Crypto Policy
harden_sshd_crypto_policyHarden SSHD Crypto Policy
httpd_serversignature_offSet httpd ServerSignature Directive to Off
httpd_servertokens_prodSet httpd ServerTokens Directive to Prod
install_PAE_kernel_on_x86-32Install PAE Kernel on Supported 32-bit x86 Systems
install_antivirusInstall Virus Scanning Software
install_hidsInstall Intrusion Detection Software
installed_OS_is_FIPS_certifiedThe Installed Operating System Is FIPS 140-2 Certified
installed_OS_is_vendor_supportedThe Installed Operating System Is Vendor Supported
kernel_module_bluetooth_disabledDisable Bluetooth Kernel Module
kernel_module_cramfs_disabledDisable Mounting of cramfs
kernel_module_dccp_disabledDisable DCCP Support
kernel_module_freevxfs_disabledDisable Mounting of freevxfs
kernel_module_hfs_disabledDisable Mounting of hfs
kernel_module_hfsplus_disabledDisable Mounting of hfsplus
kernel_module_ipv6_option_disabledDisable IPv6 Networking Support Automatic Loading
kernel_module_jffs2_disabledDisable Mounting of jffs2
kernel_module_rds_disabledDisable RDS Support
kernel_module_sctp_disabledDisable SCTP Support
kernel_module_squashfs_disabledDisable Mounting of squashfs
kernel_module_tipc_disabledDisable TIPC Support
kernel_module_udf_disabledDisable Mounting of udf
kernel_module_usb-storage_disabledDisable Modprobe Loading of USB Storage Driver
kernel_module_vfat_disabledDisable Mounting of vFAT filesystems
ldap_client_start_tlsConfigure LDAP Client to Use TLS For All Transactions
ldap_client_tls_cacertpathConfigure Certificate Directives for LDAP Use of TLS
mount_option_boot_nodevAdd nodev Option to /boot
mount_option_boot_nosuidAdd nosuid Option to /boot
mount_option_dev_shm_nodevAdd nodev Option to /dev/shm
mount_option_dev_shm_noexecAdd noexec Option to /dev/shm
mount_option_dev_shm_nosuidAdd nosuid Option to /dev/shm
mount_option_nodev_nonroot_local_partitionsAdd nodev Option to Non-Root Local Partitions
mount_option_nodev_remote_filesystemsMount Remote Filesystems with nodev
mount_option_nodev_removable_partitionsAdd nodev Option to Removable Media Partitions
mount_option_noexec_removable_partitionsAdd noexec Option to Removable Media Partitions
mount_option_nosuid_removable_partitionsAdd nosuid Option to Removable Media Partitions
mount_option_tmp_nodevAdd nodev Option to /tmp
mount_option_tmp_noexecAdd noexec Option to /tmp
mount_option_tmp_nosuidAdd nosuid Option to /tmp
mount_option_var_log_audit_nodevAdd nodev Option to /var/log/audit
mount_option_var_log_audit_noexecAdd noexec Option to /var/log/audit
mount_option_var_log_audit_nosuidAdd nosuid Option to /var/log/audit
mount_option_var_log_nodevAdd nodev Option to /var/log
mount_option_var_log_noexecAdd noexec Option to /var/log
mount_option_var_log_nosuidAdd nosuid Option to /var/log
mount_option_var_nodevAdd nodev Option to /var
mount_option_var_tmp_bindBind Mount /var/tmp To /tmp
network_disable_zeroconfDisable Zeroconf Networking
network_ipv6_disable_rpcDisable Support for RPC IPv6
network_sniffer_disabledEnsure System is Not Acting as a Network Sniffer
no_direct_root_loginsDirect root Logins Not Allowed
no_empty_passwordsPrevent Login to Accounts With Empty Password
no_files_unowned_by_userEnsure All Files Are Owned by a User
no_netrc_filesVerify No netrc Files Exist
no_password_auth_for_systemaccountsEnsure that System Accounts Are Locked
no_rsh_trust_filesRemove Rsh Trust Files
no_shelllogin_for_systemaccountsEnsure that System Accounts Do Not Run a Shell Upon Login
ntpd_specify_multiple_serversSpecify Additional Remote NTP Servers
ntpd_specify_remote_serverSpecify a Remote NTP Server
package_aide_installedInstall AIDE
package_audit_installedEnsure the audit Subsystem is Installed
package_bind_removedUninstall bind Package
package_cron_installedInstall the cron service
package_dhcp_removedUninstall DHCP Server Package
package_dracut-fips-aesni_installedInstall the dracut-fips-aesni Package
package_dracut-fips_installedInstall the dracut-fips Package
package_httpd_removedUninstall httpd Package
package_inetutils-telnetd_removedUninstall the inet-based telnet server
package_iptables_installedInstall iptables Package
package_libreswan_installedInstall libreswan Package
package_ntp_installedInstall the ntp service
package_openldap-servers_removedUninstall openldap-servers Package
package_openssh-server_installedInstall the OpenSSH Server Package
package_psacct_installedInstall the psacct package
package_rsh-server_removedUninstall rsh-server Package
package_rsyslog_installedEnsure rsyslog is Installed
package_screen_installedInstall the screen Package
package_sendmail_removedUninstall Sendmail Package
package_sssd_installedInstall the SSSD Package
package_sudo_installedInstall sudo Package
package_syslogng_installedEnsure syslog-ng is Installed
package_telnet-server_removedUninstall telnet-server Package
package_telnetd-ssl_removedUninstall the ssl compliant telnet server
package_telnetd_removedUninstall the telnet server
package_tftp-server_removedUninstall tftp-server Package
package_vsftpd_installedInstall vsftpd Package
package_vsftpd_removedUninstall vsftpd Package
package_xinetd_removedUninstall xinetd Package
package_xorg-x11-server-common_removedRemove the X Windows Package Group
package_ypserv_removedUninstall ypserv Package
partition_for_var_logEnsure /var/log Located On Separate Partition
postfix_client_configure_mail_aliasConfigure System to Forward All Mail For The Root Account
postfix_network_listening_disabledDisable Postfix Network Listening
require_singleuser_authRequire Authentication for Single User Mode
restrict_nfs_clients_to_privileged_portsRestrict NFS Clients to Privileged Ports
restrict_serial_port_loginsRestrict Serial Port Root Logins
root_path_defaultRoot Path Must Be Vendor Default
root_path_no_dotEnsure that Root's Path Does Not Include Relative Paths or Null Directories
rsyslog_accept_remote_messages_tcpEnable rsyslog to Accept Messages via TCP, if Acting As Log Server
rsyslog_accept_remote_messages_udpEnable rsyslog to Accept Messages via UDP, if Acting As Log Server
rsyslog_files_groupownershipEnsure Log Files Are Owned By Appropriate Group
rsyslog_files_ownershipEnsure Log Files Are Owned By Appropriate User
rsyslog_files_permissionsEnsure System Log Files Have Correct Permissions
rsyslog_nolistenEnsure rsyslog Does Not Accept Remote Messages Unless Acting As Log Server
rsyslog_remote_loghostEnsure Logs Sent To Remote Host
securetty_root_login_console_onlyRestrict Virtual Console Root Logins
security_patches_up_to_dateEnsure Software Patches Installed
selinux_all_devicefiles_labeledEnsure No Device Files are Unlabeled by SELinux
selinux_confinement_of_daemonsEnsure No Daemons are Unconfined by SELinux
service_abrtd_disabledDisable Automatic Bug Reporting Tool (abrtd)
service_acpid_disabledDisable Advanced Configuration and Power Interface (acpid)
service_atd_disabledDisable At Service (atd)
service_auditd_enabledEnable auditd Service
service_autofs_disabledDisable the Automounter
service_avahi-daemon_disabledDisable Avahi Server Software
service_bluetooth_disabledDisable Bluetooth Service
service_certmonger_disabledDisable Certmonger Service (certmonger)
service_cgconfig_disabledDisable Control Group Config (cgconfig)
service_cgred_disabledDisable Control Group Rules Engine (cgred)
service_cpuspeed_disabledDisable CPU Speed (cpuspeed)
service_cron_enabledEnable cron Service
service_crond_enabledEnable cron Service
service_cups_disabledDisable the CUPS Service
service_dhcpd_disabledDisable DHCP Service
service_haldaemon_disabledDisable Hardware Abstraction Layer Service (haldaemon)
service_httpd_disabledDisable httpd Service
service_ip6tables_enabledVerify ip6tables Enabled if Using IPv6
service_iptables_enabledVerify iptables Enabled
service_irqbalance_enabledEnable IRQ Balance (irqbalance)
service_kdump_disabledDisable KDump Kernel Crash Analyzer (kdump)
service_mdmonitor_disabledDisable Software RAID Monitor (mdmonitor)
service_messagebus_disabledDisable D-Bus IPC Service (messagebus)
service_named_disabledDisable named Service
service_netconsole_disabledDisable Network Console (netconsole)
service_nfs_disabledDisable Network File System (nfs)
service_ntp_enabledEnable the NTP Daemon
service_ntpd_enabledEnable the NTP Daemon
service_ntpdate_disabledDisable ntpdate Service (ntpdate)
service_oddjobd_disabledDisable Odd Job Daemon (oddjobd)
service_pcscd_enabledEnable the pcscd Service
service_portreserve_disabledDisable Portreserve (portreserve)
service_psacct_enabledEnable Process Accounting (psacct)
service_qpidd_disabledDisable Apache Qpid (qpidd)
service_quota_nld_disabledDisable Quota Netlink (quota_nld)
service_rdisc_disabledDisable Network Router Discovery Daemon (rdisc)
service_restorecond_enabledEnable the SELinux Context Restoration Service (restorecond)
service_rexec_disabledDisable rexec Service
service_rhnsd_disabledDisable Red Hat Network Service (rhnsd)
service_rhsmcertd_disabledDisable Red Hat Subscription Manager Daemon (rhsmcertd)
service_rlogin_disabledDisable rlogin Service
service_rsh_disabledDisable rsh Service
service_rsyslog_enabledEnable rsyslog Service
service_saslauthd_disabledDisable Cyrus SASL Authentication Daemon (saslauthd)
service_smartd_disabledDisable SMART Disk Monitoring Service (smartd)
service_sssd_enabledEnable the SSSD Service
service_syslogng_enabledEnable syslog-ng Service
service_sysstat_disabledDisable System Statistics Reset Service (sysstat)
service_telnet_disabledDisable telnet Service
service_tftp_disabledDisable tftp Service
service_vsftpd_disabledDisable vsftpd Service
service_xinetd_disabledDisable xinetd Service
service_ypbind_disabledDisable ypbind Service
set_ip6tables_default_ruleSet Default ip6tables Policy for Incoming Packets
set_iptables_default_ruleSet Default iptables Policy for Incoming Packets
set_iptables_default_rule_forwardSet Default iptables Policy for Forwarded Packets
set_password_hashing_algorithm_libuserconfSet Password Hashing Algorithm in /etc/libuser.conf
set_password_hashing_algorithm_logindefsSet Password Hashing Algorithm in /etc/login.defs
set_password_hashing_algorithm_systemauthSet PAM's Password Hashing Algorithm
smartcard_authEnable Smart Card Login
sshd_allow_only_protocol2Allow Only SSH Protocol 2
sshd_disable_compressionDisable Compression Or Set Compression to delayed
sshd_disable_empty_passwordsDisable SSH Access via Empty Passwords
sshd_disable_gssapi_authDisable GSSAPI Authentication
sshd_disable_kerb_authDisable Kerberos Authentication
sshd_disable_rhostsDisable SSH Support for .rhosts Files
sshd_disable_rhosts_rsaDisable SSH Support for Rhosts RSA Authentication
sshd_disable_root_loginDisable SSH Root Login
sshd_disable_user_known_hostsDisable SSH Support for User Known Hosts
sshd_do_not_permit_user_envDo Not Allow SSH Environment Options
sshd_enable_strictmodesEnable Use of Strict Mode Checking
sshd_enable_warning_bannerEnable SSH Warning Banner
sshd_enable_x11_forwardingEnable Encrypted X11 Forwarding
sshd_limit_user_accessLimit Users' SSH Access
sshd_print_last_logEnable SSH Print Last Log
sshd_set_idle_timeoutSet SSH Idle Timeout Interval
sshd_set_keepaliveSet SSH Client Alive Max Count
sshd_set_loglevel_infoSet LogLevel to INFO
sshd_set_loglevel_verboseSet SSH Daemon LogLevel to VERBOSE
sshd_use_approved_ciphersUse Only FIPS 140-2 Validated Ciphers
sshd_use_approved_macsUse Only FIPS 140-2 Validated MACs
sshd_use_priv_separationEnable Use of Privilege Separation
sssd_memcache_timeoutConfigure SSSD's Memory Cache to Expire
sssd_offline_cred_expirationConfigure SSSD to Expire Offline Credentials
sssd_ssh_known_hosts_timeoutConfigure SSSD to Expire SSH Known Hosts
sudo_remove_no_authenticateEnsure Users Re-Authenticate for Privilege Escalation - sudo !authenticate
sudo_remove_nopasswdEnsure Users Re-Authenticate for Privilege Escalation - sudo NOPASSWD
sudo_require_authenticationEnsure Users Re-Authenticate for Privilege Escalation - sudo
sysconfig_networking_bootproto_ifcfgDisable DHCP Client in ifcfg
sysctl_fs_protected_hardlinksEnable Kernel Parameter to Enforce DAC on Hardlinks
sysctl_fs_protected_symlinksEnable Kernel Parameter to Enforce DAC on Symlinks
sysctl_kernel_exec_shieldEnable ExecShield via sysctl
sysctl_kernel_kptr_restrictRestrict Exposed Kernel Pointer Addresses Access
sysctl_kernel_randomize_va_spaceEnable Randomized Layout of Virtual Address Space
sysctl_net_ipv4_conf_all_accept_redirectsDisable Accepting ICMP Redirects for All IPv4 Interfaces
sysctl_net_ipv4_conf_all_rp_filterEnable Kernel Parameter to Use Reverse Path Filtering on all IPv4 Interfaces
sysctl_net_ipv4_conf_all_secure_redirectsDisable Kernel Parameter for Accepting Secure ICMP Redirects on all IPv4 Interfaces
sysctl_net_ipv4_conf_default_accept_redirectsDisable Kernel Parameter for Accepting ICMP Redirects by Default on IPv4 Interfaces
sysctl_net_ipv4_conf_default_rp_filterEnable Kernel Parameter to Use Reverse Path Filtering on all IPv4 Interfaces by Default
sysctl_net_ipv4_tcp_syncookiesEnable Kernel Parameter to Use TCP Syncookies on IPv4 Interfaces
sysctl_net_ipv6_conf_all_accept_raConfigure Accepting Router Advertisements on All IPv6 Interfaces
sysctl_net_ipv6_conf_all_accept_redirectsDisable Accepting ICMP Redirects for All IPv6 Interfaces
sysctl_net_ipv6_conf_all_accept_source_routeDisable Kernel Parameter for Accepting Source-Routed Packets on all IPv6 Interfaces
sysctl_net_ipv6_conf_all_forwardingDisable Kernel Parameter for IPv6 Forwarding
sysctl_net_ipv6_conf_default_accept_raDisable Accepting Router Advertisements on all IPv6 Interfaces by Default
sysctl_net_ipv6_conf_default_accept_redirectsDisable Kernel Parameter for Accepting ICMP Redirects by Default on IPv6 Interfaces
sysctl_net_ipv6_conf_default_accept_source_routeDisable Kernel Parameter for Accepting Source-Routed Packets on IPv6 Interfaces by Default
umask_for_daemonsSet Daemon Umask
wireless_disable_in_biosDisable WiFi or Bluetooth in BIOS
wireless_disable_interfacesDeactivate Wireless Network Interfaces
xwindows_runlevel_settingDisable X Windows Startup By Setting Runlevel
avahi_disable_publishingDisable Avahi Publishing
avahi_prevent_port_sharingPrevent Other Programs from Using Avahi's Port
avahi_restrict_published_informationRestrict Information Published by Avahi
cups_disable_browsingDisable Printer Browsing Entirely if Possible
cups_disable_printserverDisable Print Server Capabilities
dhcp_server_deny_bootpDeny BOOTP Queries
dhcp_server_deny_declineDeny Decline Messages
dhcp_server_disable_ddnsDo Not Use Dynamic DNS
dhcp_server_minimize_served_infoMinimize Served Information
dir_perms_var_log_httpdSet Permissions on the /var/log/httpd/ Directory
disable_anacronDisable anacron Service
disable_host_authDisable Host-Based Authentication
dns_server_authenticate_zone_transfersAuthenticate Zone Transfers
file_permissions_httpd_server_conf_filesSet Permissions on All Configuration Files Inside /etc/httpd/conf/
ftp_restrict_to_anonRestrict Access to Anonymous Users if Possible
gconf_gnome_disable_automountDisable GNOME Automounting
gconf_gnome_disable_thumbnailersDisable All GNOME Thumbnailers
gnome_gdm_disable_guest_loginDisable GDM Guest Login
httpd_serversignature_offSet httpd ServerSignature Directive to Off
httpd_servertokens_prodSet httpd ServerTokens Directive to Prod
kernel_module_bluetooth_disabledDisable Bluetooth Kernel Module
kernel_module_cramfs_disabledDisable Mounting of cramfs
kernel_module_dccp_disabledDisable DCCP Support
kernel_module_freevxfs_disabledDisable Mounting of freevxfs
kernel_module_hfs_disabledDisable Mounting of hfs
kernel_module_hfsplus_disabledDisable Mounting of hfsplus
kernel_module_ipv6_option_disabledDisable IPv6 Networking Support Automatic Loading
kernel_module_jffs2_disabledDisable Mounting of jffs2
kernel_module_rds_disabledDisable RDS Support
kernel_module_sctp_disabledDisable SCTP Support
kernel_module_squashfs_disabledDisable Mounting of squashfs
kernel_module_tipc_disabledDisable TIPC Support
kernel_module_udf_disabledDisable Mounting of udf
kernel_module_usb-storage_disabledDisable Modprobe Loading of USB Storage Driver
kernel_module_vfat_disabledDisable Mounting of vFAT filesystems
mount_option_boot_nodevAdd nodev Option to /boot
mount_option_boot_nosuidAdd nosuid Option to /boot
mount_option_dev_shm_nodevAdd nodev Option to /dev/shm
mount_option_dev_shm_noexecAdd noexec Option to /dev/shm
mount_option_dev_shm_nosuidAdd nosuid Option to /dev/shm
mount_option_nodev_nonroot_local_partitionsAdd nodev Option to Non-Root Local Partitions
mount_option_nodev_removable_partitionsAdd nodev Option to Removable Media Partitions
mount_option_noexec_removable_partitionsAdd noexec Option to Removable Media Partitions
mount_option_nosuid_removable_partitionsAdd nosuid Option to Removable Media Partitions
mount_option_tmp_nodevAdd nodev Option to /tmp
mount_option_tmp_noexecAdd noexec Option to /tmp
mount_option_tmp_nosuidAdd nosuid Option to /tmp
mount_option_var_log_audit_nodevAdd nodev Option to /var/log/audit
mount_option_var_log_audit_noexecAdd noexec Option to /var/log/audit
mount_option_var_log_audit_nosuidAdd nosuid Option to /var/log/audit
mount_option_var_log_nodevAdd nodev Option to /var/log
mount_option_var_log_noexecAdd noexec Option to /var/log
mount_option_var_log_nosuidAdd nosuid Option to /var/log
mount_option_var_nodevAdd nodev Option to /var
mount_option_var_tmp_bindBind Mount /var/tmp To /tmp
network_disable_zeroconfDisable Zeroconf Networking
network_ipv6_disable_rpcDisable Support for RPC IPv6
network_sniffer_disabledEnsure System is Not Acting as a Network Sniffer
no_rsh_trust_filesRemove Rsh Trust Files
package_bind_removedUninstall bind Package
package_dhcp_removedUninstall DHCP Server Package
package_httpd_removedUninstall httpd Package
package_inetutils-telnetd_removedUninstall the inet-based telnet server
package_openldap-servers_removedUninstall openldap-servers Package
package_rsh-server_removedUninstall rsh-server Package
package_sendmail_removedUninstall Sendmail Package
package_telnet-server_removedUninstall telnet-server Package
package_telnetd-ssl_removedUninstall the SSL-compliant telnet server
package_telnetd_removedUninstall the telnet server
package_tftp-server_removedUninstall tftp-server Package
package_vsftpd_removedUninstall vsftpd Package
package_xinetd_removedUninstall xinetd Package
package_xorg-x11-server-common_removedRemove the X Windows Package Group
package_ypserv_removedUninstall ypserv Package
postfix_network_listening_disabledDisable Postfix Network Listening
restrict_nfs_clients_to_privileged_portsRestrict NFS Clients to Privileged Ports
rsyslog_nolistenEnsure rsyslog Does Not Accept Remote Messages Unless Acting As Log Server
selinux_all_devicefiles_labeledEnsure No Device Files are Unlabeled by SELinux
selinux_confinement_of_daemonsEnsure No Daemons are Unconfined by SELinux
service_abrtd_disabledDisable Automatic Bug Reporting Tool (abrtd)
service_acpid_disabledDisable Advanced Configuration and Power Interface (acpid)
service_atd_disabledDisable At Service (atd)
service_autofs_disabledDisable the Automounter
service_avahi-daemon_disabledDisable Avahi Server Software
service_bluetooth_disabledDisable Bluetooth Service
service_certmonger_disabledDisable Certmonger Service (certmonger)
service_cgconfig_disabledDisable Control Group Config (cgconfig)
service_cgred_disabledDisable Control Group Rules Engine (cgred)
service_cpuspeed_disabledDisable CPU Speed (cpuspeed)
service_cups_disabledDisable the CUPS Service
service_dhcpd_disabledDisable DHCP Service
service_haldaemon_disabledDisable Hardware Abstraction Layer Service (haldaemon)
service_httpd_disabledDisable httpd Service
service_irqbalance_enabledEnable IRQ Balance (irqbalance)
service_kdump_disabledDisable KDump Kernel Crash Analyzer (kdump)
service_mdmonitor_disabledDisable Software RAID Monitor (mdmonitor)
service_messagebus_disabledDisable D-Bus IPC Service (messagebus)
service_named_disabledDisable named Service
service_netconsole_disabledDisable Network Console (netconsole)
service_nfs_disabledDisable Network File System (nfs)
service_ntpdate_disabledDisable ntpdate Service (ntpdate)
service_oddjobd_disabledDisable Odd Job Daemon (oddjobd)
service_portreserve_disabledDisable Portreserve (portreserve)
service_qpidd_disabledDisable Apache Qpid (qpidd)
service_quota_nld_disabledDisable Quota Netlink (quota_nld)
service_rdisc_disabledDisable Network Router Discovery Daemon (rdisc)
service_restorecond_enabledEnable the SELinux Context Restoration Service (restorecond)
service_rexec_disabledDisable rexec Service
service_rhnsd_disabledDisable Red Hat Network Service (rhnsd)
service_rhsmcertd_disabledDisable Red Hat Subscription Manager Daemon (rhsmcertd)
service_rlogin_disabledDisable rlogin Service
service_rsh_disabledDisable rsh Service
service_saslauthd_disabledDisable Cyrus SASL Authentication Daemon (saslauthd)
service_smartd_disabledDisable SMART Disk Monitoring Service (smartd)
service_sysstat_disabledDisable System Statistics Reset Service (sysstat)
service_telnet_disabledDisable telnet Service
service_tftp_disabledDisable tftp Service
service_vsftpd_disabledDisable vsftpd Service
service_xinetd_disabledDisable xinetd Service
service_ypbind_disabledDisable ypbind Service
sshd_disable_compressionDisable Compression Or Set Compression to delayed
sshd_disable_empty_passwordsDisable SSH Access via Empty Passwords
sshd_disable_gssapi_authDisable GSSAPI Authentication
sshd_disable_kerb_authDisable Kerberos Authentication
sshd_disable_rhostsDisable SSH Support for .rhosts Files
sshd_disable_rhosts_rsaDisable SSH Support for Rhosts RSA Authentication
sshd_disable_root_loginDisable SSH Root Login
sshd_disable_user_known_hostsDisable SSH Support for User Known Hosts
sshd_do_not_permit_user_envDo Not Allow SSH Environment Options
sysctl_net_ipv4_conf_all_accept_redirectsDisable Accepting ICMP Redirects for All IPv4 Interfaces
sysctl_net_ipv4_conf_all_accept_source_routeDisable Kernel Parameter for Accepting Source-Routed Packets on all IPv4 Interfaces
sysctl_net_ipv4_conf_all_rp_filterEnable Kernel Parameter to Use Reverse Path Filtering on all IPv4 Interfaces
sysctl_net_ipv4_conf_all_secure_redirectsDisable Kernel Parameter for Accepting Secure ICMP Redirects on all IPv4 Interfaces
sysctl_net_ipv4_conf_all_send_redirectsDisable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces
sysctl_net_ipv4_conf_default_accept_redirectsDisable Kernel Parameter for Accepting ICMP Redirects by Default on IPv4 Interfaces
sysctl_net_ipv4_conf_default_accept_source_routeDisable Kernel Parameter for Accepting Source-Routed Packets on IPv4 Interfaces by Default
sysctl_net_ipv4_conf_default_rp_filterEnable Kernel Parameter to Use Reverse Path Filtering on all IPv4 Interfaces by Default
sysctl_net_ipv4_conf_default_secure_redirectsConfigure Kernel Parameter for Accepting Secure Redirects By Default
sysctl_net_ipv4_conf_default_send_redirectsDisable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces by Default
sysctl_net_ipv4_icmp_echo_ignore_broadcastsEnable Kernel Parameter to Ignore ICMP Broadcast Echo Requests on IPv4 Interfaces
sysctl_net_ipv4_icmp_ignore_bogus_error_responsesEnable Kernel Parameter to Ignore Bogus ICMP Error Responses on IPv4 Interfaces
sysctl_net_ipv4_ip_forwardDisable Kernel Parameter for IP Forwarding on IPv4 Interfaces
sysctl_net_ipv4_tcp_syncookiesEnable Kernel Parameter to Use TCP Syncookies on IPv4 Interfaces
sysctl_net_ipv6_conf_all_accept_raConfigure Accepting Router Advertisements on All IPv6 Interfaces
sysctl_net_ipv6_conf_all_accept_redirectsDisable Accepting ICMP Redirects for All IPv6 Interfaces
sysctl_net_ipv6_conf_all_accept_source_routeDisable Kernel Parameter for Accepting Source-Routed Packets on all IPv6 Interfaces
sysctl_net_ipv6_conf_all_forwardingDisable Kernel Parameter for IPv6 Forwarding
sysctl_net_ipv6_conf_default_accept_raDisable Accepting Router Advertisements on all IPv6 Interfaces by Default
sysctl_net_ipv6_conf_default_accept_redirectsDisable Kernel Parameter for Accepting ICMP Redirects by Default on IPv6 Interfaces
sysctl_net_ipv6_conf_default_accept_source_routeDisable Kernel Parameter for Accepting Source-Routed Packets on IPv6 Interfaces by Default
tftpd_uses_secure_modeEnsure tftp Daemon Uses Secure Mode
wireless_disable_in_biosDisable WiFi or Bluetooth in BIOS
wireless_disable_interfacesDeactivate Wireless Network Interfaces
xwindows_runlevel_settingDisable X Windows Startup By Setting Runlevel
avahi_disable_publishingDisable Avahi Publishing
avahi_prevent_port_sharingPrevent Other Programs from Using Avahi's Port
avahi_restrict_published_informationRestrict Information Published by Avahi
bios_disable_usb_bootDisable Booting from USB Devices in Boot Firmware
cups_disable_browsingDisable Printer Browsing Entirely if Possible
cups_disable_printserverDisable Print Server Capabilities
dhcp_server_deny_bootpDeny BOOTP Queries
dhcp_server_deny_declineDeny Decline Messages
dhcp_server_disable_ddnsDo Not Use Dynamic DNS
dhcp_server_minimize_served_infoMinimize Served Information
dir_perms_var_log_httpdSet Permissions on the /var/log/httpd/ Directory
disable_anacronDisable anacron Service
disable_host_authDisable Host-Based Authentication
dns_server_authenticate_zone_transfersAuthenticate Zone Transfers
file_permissions_httpd_server_conf_filesSet Permissions on All Configuration Files Inside /etc/httpd/conf/
ftp_restrict_to_anonRestrict Access to Anonymous Users if Possible
gconf_gdm_disable_user_listDisable the User List
gconf_gnome_disable_automountDisable GNOME Automounting
gconf_gnome_disable_ctrlaltdel_rebootDisable Ctrl-Alt-Del Reboot Key Sequence in GNOME
gconf_gnome_disable_restart_shutdownDisable the GNOME Login Restart and Shutdown Buttons
gconf_gnome_disable_thumbnailersDisable All GNOME Thumbnailers
gnome_gdm_disable_automatic_loginDisable GDM Automatic Login
gnome_gdm_disable_guest_loginDisable GDM Guest Login
httpd_serversignature_offSet httpd ServerSignature Directive to Off
httpd_servertokens_prodSet httpd ServerTokens Directive to Prod
kernel_module_bluetooth_disabledDisable Bluetooth Kernel Module
kernel_module_cramfs_disabledDisable Mounting of cramfs
kernel_module_dccp_disabledDisable DCCP Support
kernel_module_freevxfs_disabledDisable Mounting of freevxfs
kernel_module_hfs_disabledDisable Mounting of hfs
kernel_module_hfsplus_disabledDisable Mounting of hfsplus
kernel_module_ipv6_option_disabledDisable IPv6 Networking Support Automatic Loading
kernel_module_jffs2_disabledDisable Mounting of jffs2
kernel_module_rds_disabledDisable RDS Support
kernel_module_sctp_disabledDisable SCTP Support
kernel_module_squashfs_disabledDisable Mounting of squashfs
kernel_module_tipc_disabledDisable TIPC Support
kernel_module_udf_disabledDisable Mounting of udf
kernel_module_usb-storage_disabledDisable Modprobe Loading of USB Storage Driver
kernel_module_vfat_disabledDisable Mounting of vFAT filesystems
mount_option_boot_nodevAdd nodev Option to /boot
mount_option_boot_nosuidAdd nosuid Option to /boot
mount_option_dev_shm_nodevAdd nodev Option to /dev/shm
mount_option_dev_shm_noexecAdd noexec Option to /dev/shm
mount_option_dev_shm_nosuidAdd nosuid Option to /dev/shm
mount_option_nodev_nonroot_local_partitionsAdd nodev Option to Non-Root Local Partitions
mount_option_nodev_removable_partitionsAdd nodev Option to Removable Media Partitions
mount_option_noexec_removable_partitionsAdd noexec Option to Removable Media Partitions
mount_option_nosuid_removable_partitionsAdd nosuid Option to Removable Media Partitions
mount_option_tmp_nodevAdd nodev Option to /tmp
mount_option_tmp_noexecAdd noexec Option to /tmp
mount_option_tmp_nosuidAdd nosuid Option to /tmp
mount_option_var_log_audit_nodevAdd nodev Option to /var/log/audit
mount_option_var_log_audit_noexecAdd noexec Option to /var/log/audit
mount_option_var_log_audit_nosuidAdd nosuid Option to /var/log/audit
mount_option_var_log_nodevAdd nodev Option to /var/log
mount_option_var_log_noexecAdd noexec Option to /var/log
mount_option_var_log_nosuidAdd nosuid Option to /var/log
mount_option_var_nodevAdd nodev Option to /var
mount_option_var_tmp_bindBind Mount /var/tmp To /tmp
network_disable_zeroconfDisable Zeroconf Networking
network_ipv6_disable_rpcDisable Support for RPC IPv6
network_sniffer_disabledEnsure System is Not Acting as a Network Sniffer
no_rsh_trust_filesRemove Rsh Trust Files
package_bind_removedUninstall bind Package
package_dhcp_removedUninstall DHCP Server Package
package_httpd_removedUninstall httpd Package
package_inetutils-telnetd_removedUninstall the inet-based telnet server
package_openldap-servers_removedUninstall openldap-servers Package
package_rsh-server_removedUninstall rsh-server Package
package_sendmail_removedUninstall Sendmail Package
package_telnet-server_removedUninstall telnet-server Package
package_telnetd-ssl_removedUninstall the SSL-compliant telnet server
package_telnetd_removedUninstall the telnet server
package_tftp-server_removedUninstall tftp-server Package
package_vsftpd_removedUninstall vsftpd Package
package_xinetd_removedUninstall xinetd Package
package_xorg-x11-server-common_removedRemove the X Windows Package Group
package_ypserv_removedUninstall ypserv Package
postfix_network_listening_disabledDisable Postfix Network Listening
restrict_nfs_clients_to_privileged_portsRestrict NFS Clients to Privileged Ports
rsyslog_nolistenEnsure rsyslog Does Not Accept Remote Messages Unless Acting As Log Server
selinux_all_devicefiles_labeledEnsure No Device Files are Unlabeled by SELinux
selinux_confinement_of_daemonsEnsure No Daemons are Unconfined by SELinux
service_acpid_disabledDisable Advanced Configuration and Power Interface (acpid)
service_atd_disabledDisable At Service (atd)
service_autofs_disabledDisable the Automounter
service_avahi-daemon_disabledDisable Avahi Server Software
service_bluetooth_disabledDisable Bluetooth Service
service_certmonger_disabledDisable Certmonger Service (certmonger)
service_cgconfig_disabledDisable Control Group Config (cgconfig)
service_cgred_disabledDisable Control Group Rules Engine (cgred)
service_cpuspeed_disabledDisable CPU Speed (cpuspeed)
service_cups_disabledDisable the CUPS Service
service_dhcpd_disabledDisable DHCP Service
service_haldaemon_disabledDisable Hardware Abstraction Layer Service (haldaemon)
service_httpd_disabledDisable httpd Service
service_ip6tables_enabledVerify ip6tables Enabled if Using IPv6
service_iptables_enabledVerify iptables Enabled
service_irqbalance_enabledEnable IRQ Balance (irqbalance)
service_kdump_disabledDisable KDump Kernel Crash Analyzer (kdump)
service_mdmonitor_disabledDisable Software RAID Monitor (mdmonitor)
service_messagebus_disabledDisable D-Bus IPC Service (messagebus)
service_named_disabledDisable named Service
service_netconsole_disabledDisable Network Console (netconsole)
service_nfs_disabledDisable Network File System (nfs)
service_ntpdate_disabledDisable ntpdate Service (ntpdate)
service_oddjobd_disabledDisable Odd Job Daemon (oddjobd)
service_portreserve_disabledDisable Portreserve (portreserve)
service_qpidd_disabledDisable Apache Qpid (qpidd)
service_quota_nld_disabledDisable Quota Netlink (quota_nld)
service_rdisc_disabledDisable Network Router Discovery Daemon (rdisc)
service_restorecond_enabledEnable the SELinux Context Restoration Service (restorecond)
service_rexec_disabledDisable rexec Service
service_rhnsd_disabledDisable Red Hat Network Service (rhnsd)
service_rhsmcertd_disabledDisable Red Hat Subscription Manager Daemon (rhsmcertd)
service_rlogin_disabledDisable rlogin Service
service_rsh_disabledDisable rsh Service
service_saslauthd_disabledDisable Cyrus SASL Authentication Daemon (saslauthd)
service_smartd_disabledDisable SMART Disk Monitoring Service (smartd)
service_sysstat_disabledDisable System Statistics Reset Service (sysstat)
service_telnet_disabledDisable telnet Service
service_tftp_disabledDisable tftp Service
service_vsftpd_disabledDisable vsftpd Service
service_xinetd_disabledDisable xinetd Service
service_ypbind_disabledDisable ypbind Service
set_ip6tables_default_ruleSet Default ip6tables Policy for Incoming Packets
set_iptables_default_ruleSet Default iptables Policy for Incoming Packets
set_iptables_default_rule_forwardSet Default iptables Policy for Forwarded Packets
sshd_disable_compressionDisable Compression Or Set Compression to delayed
sshd_disable_empty_passwordsDisable SSH Access via Empty Passwords
sshd_disable_gssapi_authDisable GSSAPI Authentication
sshd_disable_kerb_authDisable Kerberos Authentication
sshd_disable_rhostsDisable SSH Support for .rhosts Files
sshd_disable_rhosts_rsaDisable SSH Support for Rhosts RSA Authentication
sshd_disable_root_loginDisable SSH Root Login
sshd_disable_user_known_hostsDisable SSH Support for User Known Hosts
sshd_do_not_permit_user_envDo Not Allow SSH Environment Options
sysctl_net_ipv4_conf_all_accept_redirectsDisable Accepting ICMP Redirects for All IPv4 Interfaces
sysctl_net_ipv4_conf_all_accept_source_routeDisable Kernel Parameter for Accepting Source-Routed Packets on all IPv4 Interfaces
sysctl_net_ipv4_conf_all_rp_filterEnable Kernel Parameter to Use Reverse Path Filtering on all IPv4 Interfaces
sysctl_net_ipv4_conf_all_secure_redirectsDisable Kernel Parameter for Accepting Secure ICMP Redirects on all IPv4 Interfaces
sysctl_net_ipv4_conf_all_send_redirectsDisable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces
sysctl_net_ipv4_conf_default_accept_redirectsDisable Kernel Parameter for Accepting ICMP Redirects by Default on IPv4 Interfaces
sysctl_net_ipv4_conf_default_accept_source_routeDisable Kernel Parameter for Accepting Source-Routed Packets on IPv4 Interfaces by Default
sysctl_net_ipv4_conf_default_rp_filterEnable Kernel Parameter to Use Reverse Path Filtering on all IPv4 Interfaces by Default
sysctl_net_ipv4_conf_default_secure_redirectsConfigure Kernel Parameter for Accepting Secure Redirects By Default
sysctl_net_ipv4_conf_default_send_redirectsDisable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces by Default
sysctl_net_ipv4_icmp_echo_ignore_broadcastsEnable Kernel Parameter to Ignore ICMP Broadcast Echo Requests on IPv4 Interfaces
sysctl_net_ipv4_icmp_ignore_bogus_error_responsesEnable Kernel Parameter to Ignore Bogus ICMP Error Responses on IPv4 Interfaces
sysctl_net_ipv4_ip_forwardDisable Kernel Parameter for IP Forwarding on IPv4 Interfaces
sysctl_net_ipv4_tcp_syncookiesEnable Kernel Parameter to Use TCP Syncookies on IPv4 Interfaces
sysctl_net_ipv6_conf_all_accept_raConfigure Accepting Router Advertisements on All IPv6 Interfaces
sysctl_net_ipv6_conf_all_accept_redirectsDisable Accepting ICMP Redirects for All IPv6 Interfaces
sysctl_net_ipv6_conf_all_accept_source_routeDisable Kernel Parameter for Accepting Source-Routed Packets on all IPv6 Interfaces
sysctl_net_ipv6_conf_all_forwardingDisable Kernel Parameter for IPv6 Forwarding
sysctl_net_ipv6_conf_default_accept_raDisable Accepting Router Advertisements on all IPv6 Interfaces by Default
sysctl_net_ipv6_conf_default_accept_redirectsDisable Kernel Parameter for Accepting ICMP Redirects by Default on IPv6 Interfaces
sysctl_net_ipv6_conf_default_accept_source_routeDisable Kernel Parameter for Accepting Source-Routed Packets on IPv6 Interfaces by Default
wireless_disable_in_biosDisable WiFi or Bluetooth in BIOS
wireless_disable_interfacesDeactivate Wireless Network Interfaces
xwindows_runlevel_settingDisable X Windows Startup By Setting Runlevel